JHipster release v6.3.0

Are you vulnerable? if you use JWT, session or UAA authentication, and more importantly if you use our system to send a link to reset passwords, then you are affected. The algorithm used isn’t cryptographically secure, which means that an attacker could guess a reset link, and hence take over any account in the system.

What will happen next This is the first time we used the “security advisory” feature from GitHub. We certainly learned a lot, and we will provide in the very near future a clear path to report security advisories to the team.